Support sha256 for vpn-ikepolicy and vpn-ipsecpolicy

Currently only sha1 is supported for vpn ikepolicy and ipsecpolicy config. One patch is already merged to support sha256 for these 2 configs. Sync neutron command to support sha256. Change-Id: I8c1189bd0eba3de12cd1ef78b795e46efe65c29e Depends-On: I02c80ec3494eb0edef2fdaa5d21ca0c3bbcacac2 Closes-Bug: #1567846
2016-04-15 23:18:31 -05:00
parent 7be2ca5b21
commit b16bc6cffa
4 changed files with 50 additions and 12 deletions
--- a/neutronclient/neutron/v2_0/vpn/ikepolicy.py
+++ b/neutronclient/neutron/v2_0/vpn/ikepolicy.py
@@ -49,7 +49,7 @@ class CreateIKEPolicy(neutronv20.CreateCommand):
            help=_('Description of the IKE policy'))
        parser.add_argument(
            '--auth-algorithm',
-            default='sha1', choices=['sha1'],
+            default='sha1', choices=['sha1', 'sha256'],
            help=_('Authentication algorithm in lowercase. '
                   'Default:sha1'))
        parser.add_argument(
--- a/neutronclient/neutron/v2_0/vpn/ipsecpolicy.py
+++ b/neutronclient/neutron/v2_0/vpn/ipsecpolicy.py
@@ -53,7 +53,7 @@ class CreateIPsecPolicy(neutronv20.CreateCommand):
            help=_('Transform protocol in lowercase, default:esp'))
        parser.add_argument(
            '--auth-algorithm',
-            default='sha1', choices=['sha1'],
+            default='sha1', choices=['sha1', 'sha256'],
            help=_('Authentication algorithm in lowercase, default:sha1'))
        parser.add_argument(
            '--encryption-algorithm',
--- a/neutronclient/tests/unit/vpn/test_cli20_ikepolicy.py
+++ b/neutronclient/tests/unit/vpn/test_cli20_ikepolicy.py
@@ -25,13 +25,14 @@ class CLITestV20VpnIkePolicyJSON(test_cli20.CLITestV20Base):

    non_admin_status_resources = ['ikepolicy']

-    def test_create_ikepolicy_all_params(self):
+    def _test_create_ikepolicy_all_params(self, auth='sha1',
+                                          expected_exc=None):
        # vpn-ikepolicy-create all params.
        resource = 'ikepolicy'
        cmd = ikepolicy.CreateIKEPolicy(test_cli20.MyApp(sys.stdout), None)
        name = 'ikepolicy1'
        description = 'my-ike-policy'
-        auth_algorithm = 'sha1'
+        auth_algorithm = auth
        encryption_algorithm = 'aes-256'
        ike_version = 'v1'
        phase1_negotiation_mode = 'main'
@@ -67,9 +68,27 @@ class CLITestV20VpnIkePolicyJSON(test_cli20.CLITestV20Base):
            },
        }

+        if not expected_exc:
            self._test_create_resource(resource, cmd, name, my_id, args,
                                       position_names, position_values,
                                       extra_body=extra_body)
+        else:
+            self.assertRaises(
+                expected_exc,
+                self._test_create_resource,
+                resource, cmd, name, my_id, args,
+                position_names, position_values,
+                extra_body=extra_body)
+
+    def test_create_ikepolicy_all_params(self):
+        self._test_create_ikepolicy_all_params()
+
+    def test_create_ikepolicy_auth_sha256(self):
+        self._test_create_ikepolicy_all_params(auth='sha256')
+
+    def test_create_ikepolicy_invalid_auth(self):
+        self._test_create_ikepolicy_all_params(auth='xyz',
+                                               expected_exc=SystemExit)

    def test_create_ikepolicy_with_limited_params(self):
        # vpn-ikepolicy-create with limited params.
--- a/neutronclient/tests/unit/vpn/test_cli20_ipsecpolicy.py
+++ b/neutronclient/tests/unit/vpn/test_cli20_ipsecpolicy.py
@@ -25,13 +25,14 @@ class CLITestV20VpnIpsecPolicyJSON(test_cli20.CLITestV20Base):

    non_admin_status_resources = ['ipsecpolicy']

-    def test_create_ipsecpolicy_all_params(self):
+    def _test_create_ipsecpolicy_all_params(self, auth='sha1',
+                                            expected_exc=None):
        # vpn-ipsecpolicy-create all params with dashes.
        resource = 'ipsecpolicy'
        cmd = ipsecpolicy.CreateIPsecPolicy(test_cli20.MyApp(sys.stdout), None)
        name = 'ipsecpolicy1'
        description = 'first-ipsecpolicy1'
-        auth_algorithm = 'sha1'
+        auth_algorithm = auth
        encryption_algorithm = 'aes-256'
        encapsulation_mode = 'tunnel'
        pfs = 'group5'
@@ -66,9 +67,27 @@ class CLITestV20VpnIpsecPolicyJSON(test_cli20.CLITestV20Base):
            },
        }

+        if not expected_exc:
            self._test_create_resource(resource, cmd, name, my_id, args,
                                       position_names, position_values,
                                       extra_body=extra_body)
+        else:
+            self.assertRaises(
+                expected_exc,
+                self._test_create_resource,
+                resource, cmd, name, my_id, args,
+                position_names, position_values,
+                extra_body=extra_body)
+
+    def test_create_ipsecpolicy_all_params(self):
+        self._test_create_ipsecpolicy_all_params()
+
+    def test_create_ipsecpolicy_auth_sha256(self):
+        self._test_create_ipsecpolicy_all_params(auth='sha256')
+
+    def test_create_ipsecpolicy_invalid_auth(self):
+        self._test_create_ipsecpolicy_all_params(auth='xyz',
+                                                 expected_exc=SystemExit)

    def test_create_ipsecpolicy_with_limited_params(self):
        # vpn-ipsecpolicy-create with limited params.